slapd not working on ldaps?
I am trying to get slapd set up using SSL with no luck.
Here is what I've done so far:
- Followed the instructions on www.tldp.org to set up a CA for myself.
- Got OpenLDAP compiled and working on the stock ldap port
- Added some entries! (ldapsearch works here!)
- Added the following to my slapd.conf
TLSCACertificateFile C:/openldap/build/ca/cacert.crt
TLSCACertificatePath C:/openldap/build/ca
TLSCertificateFile C:/openldap/build/ca/ldapcert.pem
TLSCertificateKeyFile C:/openldap/build/ca/ldapreq.pem
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSVerifyClient demand
- Started slapd with: (It asks for my password and such)
slapd -d -1 -f slapd.conf -h "ldaps:// ldap://"
- Set up a C:\openldap\sysconf\ldap.conf file
*** Sure would be nice to send this as a command line param! ***
Contents:
TLS_CACERT C:\openldap\build\ca\cacert.crt
TLS_CACERTDIR C:\openldap\build\ca
TLS_CERT C:\openldap\build\ca\client1cert.pem
TLS_KEY C:\openldap\build\ca\client1req.pem
- Then tried to do this:
ldapsearch -d -1 -Z -H "ldaps://127.0.0.1:636" -D "cn=Manager,o=Acme,l=Fairfax,st=Virginia,c=US" -w secret -b "o=Acme,l=Fairfax,st=Virginia,c=US" "(objectclass=*)"
And I get errors from both slapd and ldapsearch! (below is some debug output)
What am I doing wrong?
NOTE: OpenLDAP v2.1.12
NOTE: OpenSSL v0.9.7
NOTE: OS: Win XP sp1
NOTE: I couldn't get OpenLDAP to compile so I removed the
sslv3_send_alert function call
NOTE: damn windows...
slapd
---------------------------------------
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept.
TLS: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate .\ssl\s3_srvr.c:1978
connection_read(1292): TLS accept error error=-1 id=0, closing
Ldapsearch
-----------------------------------------
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
tls_write: want=210, written=210
...
TLS trace: SSL_connect:SSLv3 flush data
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 28 .(
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:failed in SSLv3 read finished A
TLS: can't connect.
ldap_perror
ldap_start_tls: Can't contact LDAP server (81)
additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_perror
ldap_bind: Can't contact LDAP server (81)
additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
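The two tls_read dumps in the ldapsearch trace above are a raw TLS record: a 5-byte record header (content type 0x15 = alert, version 3.1 = TLS 1.0, length 2) followed by a 2-byte alert body (0x02 = fatal, 0x28 = 40 = handshake_failure). That is the server telling the client the handshake is over, and the slapd side of the trace says why it sent it: with TLSVerifyClient demand it requires a client certificate and "peer did not return a certificate". The decoder below is an added example, not code from the original post or from OpenLDAP; it turns the hex dump lines that slapd and ldapsearch print under -d -1 back into TLS records and names the alert or handshake message each one carries, so that the same technique works on any alert (unknown_ca, bad_certificate, ...) or handshake record in a trace, not only this one. The SAMPLE_TRACE constant is constructed from the lines shown in the post; the regex-based hex-column parsing is an assumption about the dump layout and stops at the first token that is not two hex digits (the ASCII column).

```python
"""Decode TLS records from the hex dumps in an OpenLDAP -d -1 trace.

Added example (not part of the original post or of OpenLDAP).
"""
import re
import struct

# Constructed sample: the two tls_read dumps from the ldapsearch trace in the post,
# in the order the client read them (5-byte record header, then 2-byte alert body).
SAMPLE_TRACE = """\
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 28 .(
"""

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 90: "user_canceled",
    100: "no_renegotiation",
}
HANDSHAKE_TYPES = {
    0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
    12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
    15: "certificate_verify", 16: "client_key_exchange", 20: "finished",
}

# Dump lines look like "0000: 15 03 01 00 02 ....." (offset, hex bytes, ASCII column).
HEX_LINE = re.compile(r"^\s*[0-9a-fA-F]{4}:\s*(.*)$")
HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")


def trace_to_bytes(trace: str) -> bytes:
    """Collect the hex bytes from every dump line of a trace, in order.

    Assumption: the hex column ends at the first token that is not exactly two
    hex digits (the ASCII rendering); an ASCII column that itself looks like
    hex digits would be misread, so treat the result as a best-effort decode.
    """
    out = bytearray()
    for line in trace.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue
        for tok in m.group(1).split():
            if not HEX_BYTE.match(tok):
                break
            out.append(int(tok, 16))
    return bytes(out)


def decode_records(data: bytes) -> list:
    """Split a byte string into TLS records and name what each one carries."""
    records = []
    pos = 0
    while pos + 5 <= len(data):
        ctype, major, minor, length = struct.unpack("!BBBH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + length]
        pos += 5 + length
        rec = {
            "type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
            "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
            "length": length,
            "truncated": len(body) < length,   # dump ended before the record did
        }
        if ctype == 21 and len(body) >= 2:      # alert: level byte, description byte
            rec["level"] = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
            rec["description"] = ALERT_DESCRIPTIONS.get(body[1], f"unknown({body[1]})")
        elif ctype == 22 and body:              # handshake: first byte is the message type
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], f"unknown({body[0]})")
        records.append(rec)
    return records


def summarize(trace: str) -> str:
    """One line per record, e.g. 'alert TLS 1.0: fatal handshake_failure'."""
    lines = []
    for rec in decode_records(trace_to_bytes(trace)):
        detail = rec.get("handshake") or f"{rec.get('level', '')} {rec.get('description', '')}".strip()
        lines.append(f"{rec['type']} {rec['version']}: {detail}".rstrip(": "))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_TRACE))
```

Note that the record version bytes 03 01 mean TLS 1.0 even though OpenSSL labels the state machine "SSLv3" in its trace lines; the alert decoded here is the one the server announces as "SSL3 alert write:fatal:handshake failure" in the slapd output.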